Mercurial > prosody-modules
view mod_incidents_handling/incidents_handling/mod_incidents_handling.lua @ 5593:6d0574bfbf5d
mod_client_management: Include software version in table (when known)
Showing software versions could be useful for statistical reasons, e.g.
determining how quickly (or not) users upgrade, but most importantly for
revoking vulnerable clients versions in case of a security issue.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 13 Jul 2023 23:26:02 +0200 |
parents | 7dbde05b48a9 |
children |
line wrap: on
line source
-- This plugin implements XEP-268 (Incidents Handling) -- (C) 2012-2013, Marco Cirillo (LW.Org) -- Note: Only part of the IODEF specifications are supported. module:depends("adhoc") local datamanager = require "util.datamanager" local dataforms_new = require "util.dataforms".new local st = require "util.stanza" local id_gen = require "util.uuid".generate local pairs, os_time, setmetatable = pairs, os.time, setmetatable local xmlns_inc = "urn:xmpp:incident:2" local xmlns_iodef = "urn:ietf:params:xml:ns:iodef-1.0" local my_host = module:get_host() local ih_lib = module:require("incidents_handling") ih_lib.set_my_host(my_host) incidents = {} local expire_time = module:get_option_number("incidents_expire_time", 0) -- Incidents Table Methods local _inc_mt = {} ; _inc_mt.__index = _inc_mt function _inc_mt:init() self:clean() ; self:save() end function _inc_mt:clean() if expire_time > 0 then for id, incident in pairs(self) do if ((os_time() - incident.time) > expire_time) and incident.status ~= "open" then incident = nil end end end end function _inc_mt:save() if not datamanager.store("incidents", my_host, "incidents_store", incidents) then module:log("error", "Failed to save the incidents store!") end end function _inc_mt:add(stanza, report) local data = ih_lib.stanza_parser(stanza) local new_object = { time = os_time(), status = (not report and "open") or nil, data = data } self[data.id.text] = new_object self:clean() ; self:save() end function _inc_mt:new_object(fields, formtype) local start_time, end_time, report_time = fields.started, fields.ended, fields.reported local _desc, _contacts, _related, _impact, _sources, _targets = fields.description, fields.contacts, fields.related, fields.impact, fields.sources, fields.targets local fail = false local _lang, _dtext = _desc:match("^(%a%a)%s(.*)$") if not _lang or not _dtext then return false end local desc = { text = _dtext, lang = _lang } local contacts = {} for contact in _contacts:gmatch("[%w%p]+%s[%w%p]+%s[%w%p]+") do local address, atype, role = contact:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") if not address or not atype or not role then fail = true ; break end contacts[#contacts + 1] = { role = role, ext_role = (role ~= "creator" or role ~= "admin" or role ~= "tech" or role ~= "irt" or role ~= "cc" and true) or nil, type = atype, ext_type = (atype ~= "person" or atype ~= "organization" and true) or nil, jid = (atype == "jid" and address) or nil, email = (atype == "email" and address) or nil, telephone = (atype == "telephone" and address) or nil, postaladdr = (atype == "postaladdr" and address) or nil } end local related = {} if _related then for related in _related:gmatch("[%w%p]+%s[%w%p]+") do local fqdn, id = related:match("^([%w%p]+)%s([%w%p]+)$") if fqdn and id then related[#related + 1] = { text = id, name = fqdn } end end end local _severity, _completion, _type = _impact:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") local assessment = { lang = "en", severity = _severity, completion = _completion, type = _type } local sources = {} for source in _sources:gmatch("[%w%p]+%s[%w%p]+%s[%d]+%s[%w%p]+") do local address, cat, count, count_type = source:match("^([%w%p]+)%s([%w%p]+)%s(%d+)%s([%w%p]+)$") if not address or not cat or not count or not count_type then fail = true ; break end local cat, cat_ext = ih_lib.get_type(cat, "category") local count_type, count_ext = ih_lib.get_type(count_type, "counter") sources[#sources + 1] = { address = { cat = cat, ext = cat_ext, text = address }, counter = { type = count_type, ext_type = count_ext, value = count } } end local targets, _preprocess = {}, {} for target in _targets:gmatch("[%w%p]+%s[%w%p]+%s[%w%p]+") do local address, cat, noderole, noderole_ext local address, cat, noderole = target:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") if not address or not cat or not noderole then fail = true ; break end cat, cat_ext = ih_lib.get_type(cat, "category") noderole_ext = ih_lib.get_type(cat, "noderole") if not _preprocess[noderole] then _preprocess[noderole] = { addresses = {}, ext = noderole_ext } end _preprocess[noderole].addresses[#_preprocess[noderole].addresses + 1] = { text = address, cat = cat, ext = cat_ext } end for noderole, data in pairs(_preprocess) do local nr_cat = (data.ext and "ext-category") or noderole local nr_ext = (data.ext and noderole) or nil targets[#targets + 1] = { addresses = data.addresses, noderole = { cat = nr_cat, ext = nr_ext } } end local new_object = {} if not fail then new_object["time"] = os_time() new_object["status"] = (formtype == "request" and "open") or nil new_object["type"] = formtype new_object["data"] = { id = { text = id_gen(), name = my_host }, start_time = start_time, end_time = end_time, report_time = report_time, desc = desc, contacts = contacts, related = related, assessment = assessment, event_data = { sources = sources, targets = targets } } self[new_object.data.id.text] = new_object self:clean() ; self:save() return new_object.data.id.text else return false end end -- // Handler Functions // local function report_handler(event) local origin, stanza = event.origin, event.stanza incidents:add(stanza, true) return origin.send(st.reply(stanza)) end local function inquiry_handler(event) local origin, stanza = event.origin, event.stanza local inc_id = stanza:get_child("inquiry", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() if incidents[inc_id] then module:log("debug", "Server %s queried for incident %s which we know about, sending it", stanza.attr.from, inc_id) local report_iq = stanza_construct(incidents[inc_id]) report_iq.attr.from = stanza.attr.to report_iq.attr.to = stanza.attr.from report_iq.attr.type = "set" origin.send(st.reply(stanza)) origin.send(report_iq) return true else module:log("error", "Server %s queried for incident %s but we don't know about it", stanza.attr.from, inc_id) origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true end end local function request_handler(event) local origin, stanza = event.origin, event.stanza local req_id = stanza:get_child("request", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() if not incidents[req_id] then origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true else origin.send(st.reply(stanza)) ; return true end end local function response_handler(event) local origin, stanza = event.origin, event.stanza local res_id = stanza:get_child("response", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() if incidents[res_id] then incidents[res_id] = nil incidents:add(stanza, true) origin.send(st.reply(stanza)) ; return true else origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true end end local function results_handler(event) return true end -- TODO results handling -- // Adhoc Commands // local function list_incidents_command_handler(self, data, state) local list_incidents_layout = ih_lib.render_list(incidents) if state then if state.step == 1 then if data.action == "cancel" then return { status = "canceled" } elseif data.action == "prev" then return { status = "executing", actions = { "next", default = "next" }, form = list_incidents_layout }, {} end local single_incident_layout = state.form_layout local fields = single_incident_layout:data(data.form) if fields.response then incidents[state.id].status = "closed" local iq_send = ih_lib.stanza_construct(incidents[state.id]) module:send(iq_send) return { status = "completed", info = "Response sent." } else return { status = "completed" } end else if data.action == "cancel" then return { status = "canceled" } end local fields = list_incidents_layout:data(data.form) if fields.ids then local single_incident_layout = ih_lib.render_single(incidents[fields.ids]) return { status = "executing", actions = { "prev", "complete", default = "complete" }, form = single_incident_layout }, { step = 1, form_layout = single_incident_layout, id = fields.ids } else return { status = "completed", error = { message = "You need to select the report ID to continue." } } end end else return { status = "executing", actions = { "next", default = "next" }, form = list_incidents_layout }, {} end end local function send_inquiry_command_handler(self, data, state) local send_inquiry_layout = dataforms_new{ title = "Send an inquiry about an incident report to a host"; instructions = "Please specify both the server host and the incident ID."; { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/commands" }; { name = "server", type = "text-single", label = "Server to inquiry" }; { name = "hostname", type = "text-single", label = "Involved incident host" }; { name = "id", type = "text-single", label = "Incident ID" }; } if state then if data.action == "cancel" then return { status = "canceled" } end local fields = send_inquiry_layout:data(data.form) if not fields.hostname or not fields.id or not fields.server then return { status = "completed", error = { message = "You must supply the server to quest, the involved incident host and the incident ID." } } else local iq_send = st.iq({ from = my_host, to = fields.server, type = "get" }) :tag("inquiry", { xmlns = xmlns_inc }) :tag("Incident", { xmlns = xmlns_iodef, purpose = "traceback" }) :tag("IncidentID", { name = data.hostname }):text(fields.id):up():up():up() module:log("debug", "Sending incident inquiry to %s", fields.server) module:send(iq_send) return { status = "completed", info = "Inquiry sent, if an answer can be obtained from the remote server it'll be listed between incidents." } end else return { status = "executing", form = send_inquiry_layout }, "executing" end end local function rr_command_handler(self, data, state, formtype) local send_layout = ih_lib.get_incident_layout(formtype) local err_no_fields = { status = "completed", error = { message = "You need to fill all fields, except the eventual related incident." } } local err_proc = { status = "completed", error = { message = "There was an error processing your request, check out the syntax" } } if state then if data.action == "cancel" then return { status = "canceled" } end local fields = send_layout:data(data.form) if fields.started and fields.ended and fields.reported and fields.description and fields.contacts and fields.impact and fields.sources and fields.targets and fields.entity then if formtype == "request" and not fields.expectation then return err_no_fields end local id = incidents:new_object(fields, formtype) if not id then return err_proc end local stanza = ih_lib.stanza_construct(id) stanza.attr.from = my_host stanza.attr.to = fields.entity module:log("debug","Sending incident %s stanza to: %s", formtype, stanza.attr.to) module:send(stanza) return { status = "completed", info = string.format("Incident %s sent to %s.", formtype, fields.entity) } else return err_no_fields end else return { status = "executing", form = send_layout }, "executing" end end local function send_report_command_handler(self, data, state) return rr_command_handler(self, data, state, "report") end local function send_request_command_handler(self, data, state) return rr_command_handler(self, data, state, "request") end local adhoc_new = module:require "adhoc".new local list_incidents_descriptor = adhoc_new("List Incidents", xmlns_inc.."#list", list_incidents_command_handler, "admin") local send_inquiry_descriptor = adhoc_new("Send Incident Inquiry", xmlns_inc.."#send_inquiry", send_inquiry_command_handler, "admin") local send_report_descriptor = adhoc_new("Send Incident Report", xmlns_inc.."#send_report", send_report_command_handler, "admin") local send_request_descriptor = adhoc_new("Send Incident Request", xmlns_inc.."#send_request", send_request_command_handler, "admin") module:provides("adhoc", list_incidents_descriptor) module:provides("adhoc", send_inquiry_descriptor) module:provides("adhoc", send_report_descriptor) module:provides("adhoc", send_request_descriptor) -- // Hooks // module:hook("iq-set/host/urn:xmpp:incident:2:report", report_handler) module:hook("iq-get/host/urn:xmpp:incident:2:inquiry", inquiry_handler) module:hook("iq-get/host/urn:xmpp:incident:2:request", request_handler) module:hook("iq-set/host/urn:xmpp:incident:2:response", response_handler) module:hook("iq-result/host/urn:xmpp:incident:2", results_handler) -- // Module Methods // module.load = function() if datamanager.load("incidents", my_host, "incidents_store") then incidents = datamanager.load("incidents", my_host, "incidents_store") end setmetatable(incidents, _inc_mt) ; incidents:init() end module.save = function() return { incidents = incidents } end module.restore = function(data) incidents = data.incidents or {} setmetatable(incidents, _inc_mt) ; incidents:init() end